SECURITY AND PRIVACY SAFEGUARDING REQUIREMENTS Clause Samples

SECURITY AND PRIVACY SAFEGUARDING REQUIREMENTS. SSA shall comply with the Office of Child Support Enforcement Division of Federal Systems This section provides the safeguarding requirements with which OCSE and SSA shall comply and continuously monitor. SSA shall also comply with three additional requirements: Breach Reporting and Notification Responsibility, Security Authorization, and Audit Requirements. The safeguarding requirements for receiving NDNH information and the safeguards in place at OCSE for protecting the agency input files are as follows: 1. SSA shall restrict access to, and disclosure of, the NDNH information to authorized personnel who need the NDNH information to perform their official duties in connection with the authorized purposes specified in the agreement. OCSE restricts access to and disclosure of the agency input files to authorized personnel who need them to perform their official duties as authorized in this agreement. 2. SSA shall establish and maintain an ongoing management oversight and quality assurance program to ensure that only authorized personnel have access to NDNH information. OCSE management oversees the use of the agency input files to ensure that only authorized personnel have access. Policy/Requirements Traceability: 5 U.S.C. § 552a; NIST SP 800-53 Rev 4, Security and Privacy Controls for Federal Information Systems and Organizations, PL-4(1), PS-6, PS-8 3. SSA shall advise all authorized personnel who will access NDNH information of the confidentiality of the NDNH information, the safeguards required to protect the NDNH information, and the civil and criminal sanctions for non-compliance contained in the applicable federal laws, including section 453(l)(2) of the Social Security Act. 42 U.S.C. § 653(l)(2). OCSE advises all personnel who will access the agency input files of the confidentiality of the information, the safeguards required to protect the information, and the civil and criminal sanctions for non-compliance contained in the applicable federal laws. 4. SSA shall deliver security and privacy awareness training to personnel with authorized access to NDNH information and the system that houses, processes, or transmits NDNH information. The training shall describe each user’s responsibility for proper use and protection of NDNH information, how to recognize and report potential indicators of insider threat, and the possible sanctions for misuse. All personnel shall receive security and privacy awareness training before accessing NDNH information and, at...
View SourceView Similar (7)
SECURITY AND PRIVACY SAFEGUARDING REQUIREMENTS. The safeguarding requirements in this security addendum are drawn from the Office of Child Support
View SourceView Similar (6)
SECURITY AND PRIVACY SAFEGUARDING REQUIREMENTS. HUD shall comply with the Office of Child Support Enforcement Division of Federal Systems Security Requirements for Federal Agencies Receiving Federal Parent Locator Service Data. ▇▇▇ received this document on November 13, 2020. The safeguarding requirements in this security addendum are drawn from this document and are also based on the federal laws and requirements governing the protection of information referenced in section I of this security addendum.
View SourceView Similar (3)
SECURITY AND PRIVACY SAFEGUARDING REQUIREMENTS. The state agency shall comply with the Office of Child Support Enforcement
View SourceView Similar (2)
SECURITY AND PRIVACY SAFEGUARDING REQUIREMENTS. The state agency must comply with the applicable provisions of FISMA, the applicable Office of Management and Budget (OMB) memoranda, and the applicable guidelines of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Revision 5, Security and Privacy Controls for Federal Information Systems and Organizations, September 2020, updated December 10, 2020; HHS Policy for Information Security and Privacy Protection, November 2021; and the Automated Systems for Child Support Enforcement: A Guide for States, updated 2017 (Federal Certification Guide). The following requirements are drawn from these statutes, regulations, and guidelines. The HHS Policy for Information Security and Privacy Protection can be shared with a state agency upon request. The security requirements with which the state agency must comply are presented in three categories: management, operational, and technical. The state agency must also comply with additional requirements: Cloud Solution (optional for cloud environments), Retention and Disposition Requirements, Breach Reporting and Notification Responsibility, Security Certification, and Audit Requirements.
View SourceView Similar (2)
SECURITY AND PRIVACY SAFEGUARDING REQUIREMENTS. This section outlines the safeguarding requirements for receiving NDNH information as well as the safeguards in place at OCSE for protecting the agency finder file. The requirements are drawn from the federal laws and requirements governing the protection of information referenced in Section I of this security addendum as well as the Office of Child Support Enforcement Division of Federal Systems Security Requirements for Federal Agencies Receiving Federal Parent Locator Service Data. SSA was provided a copy of the HHS-OCIO Policy for Information Systems Security and Privacy (IS2P) and the Office of Child Support Enforcement Division of Federal Systems Security Requirements for Federal Agencies Receiving Federal Parent Locator Service Data, on May 19, 2014. The security requirements to which OCSE and SSA shall ensure compliance and continuously monitor are presented in three categories: administrative, technical, and physical, and three additional sections: Breach Reporting and Notification Responsibility, Security Authorization, and Audit Requirements.
View Source
SECURITY AND PRIVACY SAFEGUARDING REQUIREMENTS. The state agency shall comply with the Office of Child Support Enforcement Division of Federal Systems Security Requirements for State Agencies Receiving National Directory of New Hires Data. The state agency received this document on November 1, 2018. The safeguarding requirements in this security addendum are drawn from this document.
View Source
SECURITY AND PRIVACY SAFEGUARDING REQUIREMENTS. SSA shall comply with the Office of Child Support Enforcement Division of Federal Systems Security Requirements for Federal Agencies Receiving Federal Parent Locator Service Data. SSA received this document on May 14, 2019. The safeguarding requirements in this security addendum are drawn from this document and are also based on the federal laws and requirements governing the protection of information referenced in section 1 of this security addendum. This section presents the safeguarding requirements with which OCSE and SSA shall comply and continuously monitor. SSA shall also comply with three additional requirements:
View Source
SECURITY AND PRIVACY SAFEGUARDING REQUIREMENTS. The safeguarding requirements in this security addendum are drawn from the Office of Child Support Enforcement Division of Federal Systems Security Requirements for Federal Agencies Receiving National Directory of New Hires Data. This document is available upon request from ▇▇▇▇▇▇▇▇▇▇▇▇@▇▇▇.▇▇▇.▇▇▇.
View Source

Related to SECURITY AND PRIVACY SAFEGUARDING REQUIREMENTS

  • Compliance with Safeguarding Customer Information Requirements The Servicer has implemented and will maintain security measures designed to meet the objectives of the Interagency Guidelines Establishing Standards for Safeguarding Customer Information published in final form on February 1, 2001, 66 Fed. Reg. 8616, and the rules promulgated thereunder, as amended from time to time (the “Guidelines”). The Servicer shall promptly provide the Seller information regarding the implementation of such security measures upon the reasonable request of the Seller.

  • Data Security and Privacy Except as would not, individually or in the aggregate, reasonably be expected to be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries (i) is in compliance with all Data Security Requirements and (ii) has taken commercially reasonable steps consistent with standard industry practice by companies of similar size and maturity, and in compliance in all material respects with all Data Security Requirements to protect (A) the confidentiality, integrity, availability and security of its Business Systems that are involved in the Processing of Personally Identifiable Information, in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Personally Identifiable Information Processed by or on behalf of the Company or such Subsidiary or on their behalf from unauthorized use, access, disclosure, theft and modification. Except as would not, individually or in the aggregate, reasonably be expected to be material to the business of the Company Group, taken as a whole, (i) there are, and since January 1, 2022, have been, no pending complaints, investigations, inquiries, notices, enforcement proceedings, or Actions by or before any Governmental Authority and (ii) since January 1, 2022, no fines or other penalties have been imposed on or written claims, notice, complaints or other communications have been received by the Company or any Subsidiary, relating to any Specified Data Breach or alleging non-compliance with any Data Security Requirement. The Company and each of its Subsidiaries have not, since January 1, 2022, (1) experienced any Specified Data Breaches, or (2) been involved in any Legal Proceedings related to or alleging any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches, each except as would not be material to the business of the Company Group, taken as a whole. The consummation of the transactions contemplated by this Agreement will not cause the Company Group to breach any Data Security Requirement, except as would not reasonably be expected to be material to the business of the Company Group, taken as a whole.

  • Third-Party Information; Privacy or Data Protection Laws Each Party acknowledges that it and its respective Subsidiaries may presently have and, after the Effective Time, may gain access to or possession of confidential or proprietary Information of, or personal Information relating to, Third Parties: (i) that was received under confidentiality or non-disclosure agreements entered into between such Third Parties, on the one hand, and the other Party or the other Party’s Subsidiaries, on the other hand, prior to the Effective Time or (ii) that, as between the two parties, was originally collected by the other Party or the other Party’s Subsidiaries and that may be subject to and protected by privacy, data protection or other applicable Laws. Each Party agrees that it shall hold, protect and use, and shall cause its Subsidiaries and its and their respective Representatives to hold, protect and use, in strict confidence the confidential and proprietary Information of, or personal Information relating to, Third Parties in accordance with privacy, data protection or other applicable Laws and the terms of any agreements that were either entered into before the Effective Time or affirmative commitments or representations that were made before the Effective Time by, between or among the other Party or the other Party’s Subsidiaries, on the one hand, and such Third Parties, on the other hand.

  • Security and Privacy Security and privacy policies for the Genesys Cloud Service addressing use of Customer Data, which are incorporated by reference and may be updated from time to time in accordance with Section 10.12 of the Agreement, are located at ▇▇▇▇▇://▇▇▇▇.▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/articles/purecloud-security-compliance/.

  • Compliance with Data Privacy Laws The Company and its Subsidiaries are, and at all prior times were, in compliance with all applicable state and federal data privacy and security laws and regulations, including without limitation HIPAA, and the Company and its Subsidiaries have taken commercially reasonable actions to prepare to comply with, and since May 25, 2018, have been and currently are in compliance with, the GDPR (EU 2016/679) (collectively, the “Privacy Laws”) except in each case, where such would not, either individually or in the aggregate, reasonably be expected to result in a Material Adverse Effect. To ensure compliance with the Privacy Laws, the Company and its Subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). The Company and its Subsidiaries have at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that neither it nor any Subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.